Ubuntu: (Multiple Advisories) (CVE-2024-26870): Linux kernel vulnerabilities
Description
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr() with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size > 0, nfs4_listxattr() does not return an error because either generic_listxattr() or nfs4_listxattr_nfs4_label() consumes exactly all the bytes then size is 0 when calling nfs4_listxattr_nfs4_user() which then triggers the following kernel BUG: [ 99.403778] kernel BUG at mm/usercopy.c:102! [ 99.404063] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 99.408463] CPU: 0 PID: 3310 Comm: python3 Not tainted 6.6.0-61.fc40.aarch64 #1 [ 99.415827] Call trace: [ 99.415985] usercopy_abort+0x70/0xa0 [ 99.416227] __check_heap_object+0x134/0x158 [ 99.416505] check_heap_object+0x150/0x188 [ 99.416696] __check_object_size.part.0+0x78/0x168 [ 99.416886] __check_object_size+0x28/0x40 [ 99.417078] listxattr+0x8c/0x120 [ 99.417252] path_listxattr+0x78/0xe0 [ 99.417476] __arm64_sys_listxattr+0x28/0x40 [ 99.417723] invoke_syscall+0x78/0x100 [ 99.417929] el0_svc_common.constprop.0+0x48/0xf0 [ 99.418186] do_el0_svc+0x24/0x38 [ 99.418376] el0_svc+0x3c/0x110 [ 99.418554] el0t_64_sync_handler+0x120/0x130 [ 99.418788] el0t_64_sync+0x194/0x198 [ 99.418994] Code: aa0003e3 d000a3e0 91310000 97f49bdb (d4210000) Issue is reproduced when generic_listxattr() returns 'system.nfs4_acl', thus calling lisxattr() with size = 16 will trigger the bug. Add check on nfs4_listxattr() to return ERANGE error when it is called with size > 0 and the return value is greater than size.
Solution(s)
- ubuntu-upgrade-linux-image-5-15-0-1030-xilinx-zynqmp
- ubuntu-upgrade-linux-image-5-15-0-1046-gkeop
- ubuntu-upgrade-linux-image-5-15-0-1056-ibm
- ubuntu-upgrade-linux-image-5-15-0-1057-ibm
- ubuntu-upgrade-linux-image-5-15-0-1058-intel-iotg
- ubuntu-upgrade-linux-image-5-15-0-1058-nvidia
- ubuntu-upgrade-linux-image-5-15-0-1058-nvidia-lowlatency
- ubuntu-upgrade-linux-image-5-15-0-1060-gke
- ubuntu-upgrade-linux-image-5-15-0-1060-kvm
- ubuntu-upgrade-linux-image-5-15-0-1061-oracle
- ubuntu-upgrade-linux-image-5-15-0-1062-gcp
- ubuntu-upgrade-linux-image-5-15-0-1063-aws
- ubuntu-upgrade-linux-image-5-15-0-1065-azure-fde
- ubuntu-upgrade-linux-image-5-15-0-1066-azure
- ubuntu-upgrade-linux-image-5-15-0-110-lowlatency
- ubuntu-upgrade-linux-image-5-15-0-110-lowlatency-64k
- ubuntu-upgrade-linux-image-5-15-0-112-generic
- ubuntu-upgrade-linux-image-5-15-0-112-generic-64k
- ubuntu-upgrade-linux-image-5-15-0-112-generic-lpae
- ubuntu-upgrade-linux-image-5-15-0-113-generic
- ubuntu-upgrade-linux-image-5-15-0-113-generic-64k
- ubuntu-upgrade-linux-image-5-15-0-113-generic-lpae
- ubuntu-upgrade-linux-image-6-8-0-1004-gke
- ubuntu-upgrade-linux-image-6-8-0-1005-raspi
- ubuntu-upgrade-linux-image-6-8-0-1006-ibm
- ubuntu-upgrade-linux-image-6-8-0-1006-oem
- ubuntu-upgrade-linux-image-6-8-0-1006-oracle
- ubuntu-upgrade-linux-image-6-8-0-1006-oracle-64k
- ubuntu-upgrade-linux-image-6-8-0-1008-azure
- ubuntu-upgrade-linux-image-6-8-0-1008-azure-fde
- ubuntu-upgrade-linux-image-6-8-0-1008-gcp
- ubuntu-upgrade-linux-image-6-8-0-1009-aws
- ubuntu-upgrade-linux-image-6-8-0-35-generic
- ubuntu-upgrade-linux-image-6-8-0-35-generic-64k
- ubuntu-upgrade-linux-image-6-8-0-35-lowlatency
- ubuntu-upgrade-linux-image-6-8-0-35-lowlatency-64k
- ubuntu-upgrade-linux-image-aws
- ubuntu-upgrade-linux-image-aws-lts-22-04
- ubuntu-upgrade-linux-image-azure
- ubuntu-upgrade-linux-image-azure-fde
- ubuntu-upgrade-linux-image-azure-fde-lts-22-04
- ubuntu-upgrade-linux-image-azure-lts-22-04
- ubuntu-upgrade-linux-image-gcp
- ubuntu-upgrade-linux-image-gcp-lts-22-04
- ubuntu-upgrade-linux-image-generic
- ubuntu-upgrade-linux-image-generic-64k
- ubuntu-upgrade-linux-image-generic-64k-hwe-20-04
- ubuntu-upgrade-linux-image-generic-64k-hwe-24-04
- ubuntu-upgrade-linux-image-generic-hwe-20-04
- ubuntu-upgrade-linux-image-generic-hwe-24-04
- ubuntu-upgrade-linux-image-generic-lpae
- ubuntu-upgrade-linux-image-generic-lpae-hwe-20-04
- ubuntu-upgrade-linux-image-gke
- ubuntu-upgrade-linux-image-gke-5-15
- ubuntu-upgrade-linux-image-gkeop
- ubuntu-upgrade-linux-image-gkeop-5-15
- ubuntu-upgrade-linux-image-ibm
- ubuntu-upgrade-linux-image-ibm-classic
- ubuntu-upgrade-linux-image-ibm-lts-24-04
- ubuntu-upgrade-linux-image-intel
- ubuntu-upgrade-linux-image-intel-iotg
- ubuntu-upgrade-linux-image-kvm
- ubuntu-upgrade-linux-image-lowlatency
- ubuntu-upgrade-linux-image-lowlatency-64k
- ubuntu-upgrade-linux-image-lowlatency-64k-hwe-20-04
- ubuntu-upgrade-linux-image-lowlatency-hwe-20-04
- ubuntu-upgrade-linux-image-nvidia
- ubuntu-upgrade-linux-image-nvidia-lowlatency
- ubuntu-upgrade-linux-image-oem-20-04
- ubuntu-upgrade-linux-image-oem-20-04b
- ubuntu-upgrade-linux-image-oem-20-04c
- ubuntu-upgrade-linux-image-oem-20-04d
- ubuntu-upgrade-linux-image-oem-24-04
- ubuntu-upgrade-linux-image-oem-24-04a
- ubuntu-upgrade-linux-image-oracle
- ubuntu-upgrade-linux-image-oracle-64k
- ubuntu-upgrade-linux-image-oracle-lts-22-04
- ubuntu-upgrade-linux-image-raspi
- ubuntu-upgrade-linux-image-virtual
- ubuntu-upgrade-linux-image-virtual-hwe-20-04
- ubuntu-upgrade-linux-image-virtual-hwe-24-04
- ubuntu-upgrade-linux-image-xilinx-zynqmp
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center